CVE-2006-4588 - HTML Injection and Access Control Bypass vulnerability in Vtiger CRM 4.2/4.2.4
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Summary
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |